GitHub's RSA SSH private key was accidentally leaked to the public, as confirmed by the code hosting platform's CEO, Mike Hanley. 

GitHub's RSA SSH Private Key Accidentally Leaked to Public! Is This a Breach?

"This week, we discovered that GitHub.com's RSA SSH private key was briefly exposed in a public GitHub repository," he announced via his official blog post.

Hanley, who is also GitHub's SVP of Engineering, said that they quickly contained the exposure and investigated the root cause of the issue. 

GitHub's RSA SSH Private Key Accidentally Leaked to Public! 

According to The Register's latest report, the GitHub leak was not caused by a security breach.


Instead, the RSA SSH host key was exposed to the public because of plain old human error.

Because of this simple accident, the GitHub.com RSA SSH private key was leaked into a public GitHub repository.

Although this might seem alarming, Hanley clarified that the private key leak doesn't affect the web traffic to GitHub.com and HTTPS Git operations. 

He added that it doesn't grant access to their customer data or infrastructure. 

However, the RSA SSH host key exposure can still affect developers since it can cause connection errors and send warning messages. 

Thankfully, GitHub was able to fix the problem on Mar. 24.

What GitHub Users Should Do 

Mike Hanley said that GitHub users relying on GitHub's ECDSA or Ed25519 keys don't have to worry about anything. 

But developers who receive the warning message "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!" need to remove the old GitHub.com host key that their SSH client has stored.

The GitHub CEO said that developers can remove the old key by running the command "ssh-keygen -R github.com".

The other steps Hanley provided for replacing the leaked host key are listed in his blog post.
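
To check whether a machine is in the affected group before running the command, the sketch below lists the key types a known_hosts file pins for github.com. It is an added example, not code from GitHub's post or from this article; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which key types a known_hosts file pins for a host.
# Exact host names only (wildcard patterns are not expanded). Hashed entries
# cannot be read back here, so they are reported as "unknown-hashed";
# check those with: ssh-keygen -F github.com
pinned_key_types() {
    file=$1; host=${2:-github.com}
    awk -v host="$host" '
        /^[ \t]*(#|$)/ { next }        # comments and blank lines
        $1 ~ /^@/      { next }        # @cert-authority / @revoked are not plain pins
        $1 ~ /^\|1\|/  { print "unknown-hashed"; next }
        {
            n = split($1, names, ",")
            for (k = 1; k <= n; k++) {
                name = names[k]
                sub(/^\[/, "", name)              # strip [host]:port wrapping
                sub(/\](:[0-9]+)?$/, "", name)
                if (tolower(name) == host) { print $2; break }
            }
        }
    ' "$file"
}

# True when the host is pinned with ssh-rsa, the key type the article covers.
needs_rsa_cleanup() {
    pinned_key_types "$1" "${2:-github.com}" | grep -qx 'ssh-rsa'
}

# Constructed sample (key blobs are placeholders, not real keys).
sample=$(mktemp)
cat > "$sample" <<'EOF'
github.com,192.0.2.10 ssh-rsa AAAAB3NzaC1yc2E-PLACEHOLDER
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5-PLACEHOLDER
[git.example.org]:2222 ssh-rsa AAAAB3NzaC1yc2E-PLACEHOLDER
|1|c2FsdA==|aGFzaA== ssh-rsa AAAAB3NzaC1yc2E-PLACEHOLDER
EOF
pinned_key_types "$sample"
if needs_rsa_cleanup "$sample"; then
    echo "github.com pinned with ssh-rsa: run  ssh-keygen -R github.com"
fi
rm -f "$sample"
```

Pass the path of a real file (for example ~/.ssh/known_hosts) to needs_rsa_cleanup; a file that pins only ECDSA or Ed25519 keys for github.com returns false.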


Tech Times

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.